<?php
session_start();
include("load-settings.php");

$error = "";

if(isset($_POST['oldpassword']))
{
	$oldpassword = mysql_real_escape_string($_POST['oldpassword']);
	$newpassword = mysql_real_escape_string($_POST['newpassword']);
	$cnewpassword = mysql_real_escape_string($_POST['cnewpassword']);

	$user = $_SESSION['user'];

	if($oldpassword == "" || $newpassword == "")
	{
		$error = "Fields cannot be blank.";
	}
	else if($newpassword != $cnewpassword)
	{
		$error = "Passwords must match.";
	}
	else
	{
		$result = mysql_query("SELECT * FROM user WHERE id = $user");
		$row = mysql_fetch_array($result);
		
		if(crypt($oldpassword, $row['password']) != $row['password'])
		{
			$error = "Incorrect password.";
		}
		else
		{
			$new_hash = crypt($newpassword, $row['password']);
			mysql_query("UPDATE user SET password = '$new_hash' WHERE id = $user");
			$error = "Password successfully changed.";
		}
		
	}
}
?>
<!doctype html>
<html>
<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, maximum-scale=1, initial-scale=1, user-scalable=0">

  <!-- Always force latest IE rendering engine or request Chrome Frame -->
  <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible">
<link rel="icon" href="http://veteranboosters.com/orders/images/favicon.ico" type="image/x-icon"/>
<link rel="shortcut icon" href="http://veteranboosters.com/orders/images/favicon.ico" type="image/x-icon"/>
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:400,600,800">

  <!-- Use title if it's in the page YAML frontmatter -->
  <title>Veteran Boosters Member Area</title>


  <!--[if lt IE 9]>
  <script src="../../javascripts/vendor/html5shiv.js" type="text/javascript"></script>
  <script src="../../javascripts/vendor/excanvas.js" type="text/javascript"></script>
  <![endif]-->

  <link href="stylesheets/application.css" media="screen" rel="stylesheet" type="text/css" />
  <script src="javascripts/application.js" type="text/javascript"></script>
</head>
<?php
	include("top.php");
?>
  <div class="container-fluid padded">
    <div class="row-fluid">

      <!-- Breadcrumb line -->

      <div id="breadcrumbs">
               <div class="breadcrumb-button blue">
                  <span class="breadcrumb-label"><i class="icon-home"></i> Home</span>
                  <span class="breadcrumb-arrow"><span></span></span>
               </div>

               <div class="breadcrumb-button">
                  <span class="breadcrumb-label">
                     <i class="icon-user"></i> Members
                  </span>
                  <span class="breadcrumb-arrow"><span></span></span>
               </div>
               
               <div class="breadcrumb-button">
                  <span class="breadcrumb-label">
                     <i class="icon-reorder"></i> Password Change                  </span>
                  <span class="breadcrumb-arrow"><span></span></span>
               </div>
            </div>
    </div>
  </div>

  <div class="container-fluid padded">
    <div class="row-fluid">
   <div class="span12">
      <div class="box">
         <div class="box-header">
            <span class="title">Password Change</span>
         </div>
         <div class="box-content">
            <form enctype="application/x-www-form-urlencoded" class="form-horizontal" action="" method="post"><div class="padded">
<div class="control-group"><label for="oldpassword" class="control-label required">Current password</label>
<div class="controls">
<input type="password" name="oldpassword" id="oldpassword" value="" size="30"></div></div>
<div class="control-group"><label for="newpassword" class="control-label required">New password</label>
<div class="controls">
<input type="password" name="newpassword" id="newpassword" value="" size="30"></div></div>
<div class="control-group"><label for="cnewpassword" class="control-label optional">Confirm new password</label>
<div class="controls">
<input type="password" name="cnewpassword" id="cnewpassword" value="" size="30"></div></div>
<div class="controls" style = "color: red"><?php echo $error; ?></div>
<div class="form-actions">
<input type="submit" name="submit" id="submit" value="Change Password" class=" btn btn-blue"></div></div></form>         </div>
      </div>
   </div>
</div>
  
</div>
<?php
	include("bottom.php");
?>
